{"id":283957,"date":"2010-02-05T09:37:00","date_gmt":"2010-02-05T14:37:00","guid":{"rendered":"tag:blogger.com,1999:blog-5587346.post-7075232243729344395"},"modified":"2010-02-05T09:37:51","modified_gmt":"2010-02-05T14:37:51","slug":"the-clampi-trojan-says-%e2%80%a6-get-a-mac","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/283957","title":{"rendered":"The Clampi Trojan says \u2026. Get a Mac"},"content":{"rendered":"<p> A Windows 2003 server machine I use may, or may not, have been infected with the Clampi trojan (ilomi.b or ilomo.c, which depending on your font, may look a lot like llomi or IIlomi or ILomi).<\/p>\n<p>I say \u201cmay not\u201d, because the combination of \u201cWindows 2003\u201d and &quot;antivirus\u201d has a high rate of false positive claims that can wreak as much destruction as the antiviral software.<\/p>\n<p>In researching the Clampi trojan Google suggested I read this summary (emphases mine) \u2026<\/p>\n<blockquote>\n<p><a href=\"http:\/\/www.secureworks.com\/research\/threats\/clampi-trojan\/\">Clampi\/Ligats\/Ilomo Trojan &#8211; Research &#8211; SecureWorks<\/a><\/p>\n<p>\u2026 Clampi\u2019s recent success in infecting victims is accomplished by using domain administrator credentials (either stolen by the Trojan or re-used, or by virtue of the fact that a domain administrator has logged into an already infected system). Once domain administrator privileges are granted, the Trojan uses the SysInternals tool &quot;psexec&quot; to copy itself to all computers on the domain.<\/p>\n<p>Clampi also serves as a proxy server used by criminals to anonymize their activity when logging into stolen accounts\u2026<\/p>\n<p>\u2026 Clampi is operated by a serious and sophisticated organized crime group from Eastern Europe and has been implicated in numerous high-dollar thefts from banking institutions. 
Any user whose system has been infected by Clampi should immediately change any and all passwords used on that system for any websites, but especially financial credentials.<\/p>\n<p>\u2026 Most major anti-virus engines should be able to detect Clampi variants; however there is always a delay between a new Trojan release and the detection time.&#160; Given the prevalence and seriousness of the Clampi Trojan, it is recommended that businesses that carry out online banking\/financial transactions adopt a strategy to isolate workstations where these activities are carried out from possible Clampi or other data-stealing Trojan infections.<\/p>\n<p>This may include using a dedicated workstation for accessing financial accounts which is isolated from the rest of the local network and the Internet except for the specific financial sites required to be accessed. Since Trojans can also be spread using removable drives, systems should be hardened against auto run-type threats. Businesses may even consider using an alternative operating system for workstations accessing sensitive or financial accounts.<\/p>\n<p><strong><em>Home Computer User Protection<\/em>         <br \/><\/strong>SecureWorks CTU recommends that <strong>home computer users use a computer dedicated only to doing their online banking and bill pay<\/strong>.&#160; They should not use that computer to surf the web and send and receive email, since web exploits and malicious email are two of the key malware infection vectors.&#160; <\/p>\n<\/blockquote>\n<p>As an alternative to operating a secure home PC for all important work, home users could, you know, buy a Mac. They would then have one machine to use for everything.[1]<\/p>\n<p>Maybe Apple is funding Clampi development?<\/p>\n<p>&#8212;<\/p>\n<p>[1] The Mac\u2019s vast security advantage comes from the \u201cfaster friend\u201d security philosophy. 
When you and a friend are being chased by a bear, you don\u2019t have to be faster than the bear, you have to be faster than your friend. OS X 10.6 is, in practical terms, fundamentally more secure than XP, but not necessarily <em>theoretically<\/em> more secure than <a href=\"http:\/\/tech.kateva.org\/2010\/02\/windows-7-is-os-x-warped.html\">Microsoft\u2019s very latest foul demon<\/a>. The big Mac advantage is that the world\u2019s criminals don\u2019t own Apple machines, and have very little interest in targeting Macs as long as the vast majority of banks and corporations run some flavor of Windows. I\u2019ve often wondered, incidentally, if Windows 98 isn\u2019t now a very secure environment. I doubt many Trojans would infect it any more.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Windows 2003 server machine I use may, or may not, have been infected with the Clampi trojan (ilomi.b or ilomo.c, which depending on your font, may look a lot like llomi or IIlomi or ILomi). 
I say \u201cmay not\u201d, because the combination of \u201cWindows 2003\u201d and &quot;antivirus\u201d has a high rate of false positive [&hellip;]<\/p>\n","protected":false},"author":711,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-283957","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/283957","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/711"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=283957"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/283957\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=283957"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=283957"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=283957"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}